Re: [CDNi] Stephen Farrell's Discuss on draft-ietf-cdni-metadata-18: (with DISCUSS and COMMENT)
Ben Niven-Jenkins <ben@niven-jenkins.co.uk> Fri, 08 July 2016 00:43 UTC
Return-Path: <ben@niven-jenkins.co.uk>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AD48B12D751; Thu, 7 Jul 2016 17:43:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vhT9C6GuYVr4; Thu, 7 Jul 2016 17:43:37 -0700 (PDT)
Received: from mailex.mailcore.me (mailex.mailcore.me [94.136.40.144]) by ietfa.amsl.com (Postfix) with ESMTP id 1C24912B03E; Thu, 7 Jul 2016 17:43:36 -0700 (PDT)
Received: from 176.red-83-53-71.dynamicip.rima-tde.net ([83.53.71.176] helo=[192.168.1.93]) by smtp04.mailcore.me with esmtpa (Exim 4.80.1) (envelope-from <ben@niven-jenkins.co.uk>) id 1bLJtH-0000KN-0x; Fri, 08 Jul 2016 01:43:35 +0100
Content-Type: multipart/alternative; boundary="Apple-Mail=_A88D2757-FE46-4BC5-B2DB-155AF3FC5683"
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
From: Ben Niven-Jenkins <ben@niven-jenkins.co.uk>
In-Reply-To: <577D66DB.7060805@cs.tcd.ie>
Date: Fri, 08 Jul 2016 01:43:32 +0100
Message-Id: <150AD89E-279B-4D79-898E-1AB930525ACF@niven-jenkins.co.uk>
References: <20160706121028.7876.62515.idtracker@ietfa.amsl.com> <A419F67F880AB2468214E154CB8A556206E486EC@eusaamb103.ericsson.se> <577D66DB.7060805@cs.tcd.ie>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Mailer: Apple Mail (2.2098)
X-Mailcore-Auth: 9600544
X-Mailcore-Domain: 172912
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/h9MFuBimEs_jtXuUfyetqNqUafk>
Cc: "flefauch@cisco.com" <flefauch@cisco.com>, "cdni-chairs@ietf.org" <cdni-chairs@ietf.org>, The IESG <iesg@ietf.org>, "cdni@ietf.org" <cdni@ietf.org>, "draft-ietf-cdni-metadata@ietf.org" <draft-ietf-cdni-metadata@ietf.org>
Subject: Re: [CDNi] Stephen Farrell's Discuss on draft-ietf-cdni-metadata-18: (with DISCUSS and COMMENT)
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jul 2016 00:43:40 -0000
> On 6 Jul 2016, at 21:15, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > On 06/07/16 19:48, Kevin Ma J wrote: >>> - 1.2, last para: I don't get what this is saying. What additional >>> things need specifying? If all you mean is that the dCDN and uCDN >>> need to be able to setup TLS sessions, and hence need to agree on >>> what CAs and ciphersuites to use, then maybe just say that. (You do >>> already refer to RFC7525 so most of that is covered there I >>> think.) >> >> Yes, CAs and ciphersuites, but there was also the question of keys. >> (I suppose if we went with the dCDNs generating their own keys it >> would be doable? Or if we left key sharing up to the CDNs to do >> offline, similar to URI Signing?) At the time, way back when, some >> folks looked at it and determined it to be too messy to tackle. More >> recently, though I believe you've expressed some skepticism as to the >> applicability of LURK to CDNI, > > Yeah - anything transitive with LURK is very scary. The "L" part > becomes fairly meaningless I reckon. But that's a debate for another > day. In case it is useful...I was one of the folks Kevin mentions that was worried it was too messy to tackle for a couple of reasons (1) I was worried if we tried to specify some key distribution mechanism we’d come up against lots of resistance from security folks which would bog down progress, and (2) majority of the CDNI use cases I was aware of involved delivering video which was likely to be DRM’d (Nokia’s Velocix CDN product has supported HTTPS for years and I’m not aware of any of our customers delivering video over HTTPS primarily because their content is already DRM’d and they don’t want to pay the performance hit that comes with TLS for already encrypted content). Ben
- Re: [CDNi] Stephen Farrell's Discuss on draft-iet… Ben Niven-Jenkins
- Re: [CDNi] Stephen Farrell's Discuss on draft-iet… Kevin Ma J
- Re: [CDNi] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [CDNi] Stephen Farrell's Discuss on draft-iet… Kevin Ma J
- [CDNi] Stephen Farrell's Discuss on draft-ietf-cd… Stephen Farrell